important privacy and security concerns

hidden files

files are always viewable if their file IDs are known

there is no easy way to hide that a file is stored in thalassa if its file ID is known

file IDs are simply base64 SHA256 hashes of the actual file, this means anyone with a copy of the file themselves can hash it and check to see if it exists on your instance

in my other file archive, persephone, there is a flag for private and group protected files that would put those files in a non-public directory and serve them only to authorized users, and otherwise return a file not found error the same as any other non-existant file

because there is no userbase with group permissions (and to reduce complexity), this feature was not re-implemented in thalassa

thalassa is intended to be public-facing

there are some methods to make an instance semi-private, but they should be undertaken by experienced users

tag discoverability

tag information isn't always exposed through the site, but the tag list is available if anyone looks for it, and the tag suggestion list can be brute forced by entering the alphabet one letter at a time

be aware when using tags on files, even if those tags are only ever used on files tagged #hidden that normal users can't search for, they may be able to determine the theme or content of hidden files in general by tags present in the suggestion list but with no public results

if you're concerned about specific tags being exposed, consider adding them to clutter_tags in the site configuration, this will prevent them from being added to the suggestions list

you won't be able to use the tag field suggestion list to find or quickly complete them, but you can still search for them, and they will not be discoverable by users